
How to Read Apache AccessLog




Today, running Apache on a Linux system is the standard setup, and we as server engineers often need to read its access logs. This blog post briefly explains how to read them.


 


Sample

[root@test-aws-harukainoue httpd]# tail access_log
xxx.xx.xx.xxx - - [11/May/2022:12:01:22 +0000] "GET / HTTP/1.0" 200 35 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36"

The Apache configuration file is located at "/etc/httpd/conf/httpd.conf" by default.

Inside the configuration file, you see something like below:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "logs/access_log" combined

It can be seen that the format 'combined' is set as the default. The logs are designed to be displayed according to this format.




| Format string | Description | Access log value | Note |
|---|---|---|---|
| %h | IP address of remote host | | |
| %l | User name of the connection source | -(Not set) | This field is usually set to "-", but if "mod_ident" exists on the server and the "IdentityCheck" directive is set to "On", the value will be output. |
| %u | Remote user | -(Not set) | |
| %t | Date and time accessed | 11/May/2022 12:01 | |
| \"%r\" | Accessed file | Action = GET, HTTP = protocol, Resource = 1.0 | *Backslashes are indicated by '\'. |
| %>s | Status code | 200(Normal) | |
| %b | Amount of data sent for the resource | 35 bytes | |
| \"%{Referer}i\" | URL of the access source | -(Not set) | The output shows whether the site was accessed directly from the URL or via some other website. |
| \"%{User-Agent}i\" | Which operating system and browser were used to access the site | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3602.2 Safari/537.36 | OS = Linux, Browser = Chrome |


Quick Tips on Status Codes

Status codes are numbers (codes) that the web server and web browser use to communicate their status to each other.


200 = Successful request

301 = Requested page has been moved to another page.

302 = Temporarily moving to another page.

403 = No authorization to display the requested page.

404 = Requested page does not exist.

500 = Error occurred on the server-side.
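
As an added example (not part of the original post), the following Python sketch parses lines in the 'combined' format described above and counts them by status class. The function names `parse_line` and `status_classes` and the sample lines are constructed for illustration; it also handles cases the single sample line does not show, such as "-" for %b and backslash-escaped quotes inside quoted fields.

```python
import re
from collections import Counter

# One named group per field of the 'combined' format:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Quoted fields accept \" because Apache backslash-escapes quotes in logged values.
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def parse_line(line):
    """Return a dict of combined-format fields, or None if the line does not match."""
    m = COMBINED.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # %b logs "-" when no bytes were sent
    # The request line is client-controlled and may not split into three parts.
    parts = rec["request"].split(" ")
    if len(parts) == 3:
        rec["method"], rec["path"], rec["protocol"] = parts
    else:
        rec["method"] = rec["path"] = rec["protocol"] = None
    return rec

def status_classes(lines):
    """Count lines per status class (2xx, 3xx, ...); unmatched lines go under 'unparsed'."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        counts["unparsed" if rec is None else f"{rec['status'] // 100}xx"] += 1
    return counts

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [11/May/2022:12:01:22 +0000] "GET / HTTP/1.0" 200 35 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.11 - - [11/May/2022:12:01:25 +0000] "GET /index.html HTTP/1.1" 304 - "-" "agent \\"quoted\\""',
    '192.0.2.12 - - [11/May/2022:12:01:30 +0000] "-" 408 - "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_line(line))
    print(dict(status_classes(SAMPLE)))
```

Lines that return None are worth keeping rather than discarding, since a line that does not fit the configured LogFormat usually means the format was changed or the input is malformed.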



 





This blog post is translated from a blog post written by Haruka Inoue on our Japanese website Beyond Co.